Validating SQL



#1 ryanh_106


Posted 16 August 2006 - 10:09 PM

Hi, sorry if this is a noddy question, but I am pretty new to reg exps.

I want to check that an SQL statement is of the form
INSERT INTO table (cols) VALUES (values)
and not
INSERT INTO table (cols) VALUES (values), (morevalues), (moreagain)

i.e. only one set of values is being used (nobody has injected an extra row in there)

but when I imagine how the regexp would look, I can only imagine something like (.*), which could still be "(x), (y), (z)"

How does this work?
Cheers
Ryan

#2 ToonMariner


Posted 17 August 2006 - 12:09 PM

You should not be allowing users to inject mysql!

Any data you process from a form should be checked to see if they are trying to inject - using mysql_escape_string or mysql_escape_real_string are what you need.
follow me on twitter @PHPsycho

#3 ryanh_106


Posted 17 August 2006 - 01:15 PM

:-[ ???

Where did I say I wanted to let them inject SQL??? That would just be stupid, I am trying to check they AREN'T injecting.

I was interested to know how this could be checked using reg exps (as well as the mysql functions).

#4 ToonMariner


Posted 17 August 2006 - 02:58 PM

Where did I say you were wanting them to insert mysql? I said you should not let them - by that I mean your code should be such that you are protected against injection....

So I will accept your apology before you offer it  ;)

There is no point in researching what regex you will need to perform this task - it will be less efficient and less effective than the already available, built for purpose functions.
follow me on twitter @PHPsycho
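
The regex-versus-built-in-handling question from this thread, as an added example that is not part of any post: a statement built by string concatenation still passes the `(.*)` pattern from post #1 after an extra row has been injected, while a statement with parameter placeholders stores the same input as one value. It uses placeholders rather than the escaping functions named in the thread. Assumptions: Python with an in-memory SQLite database stands in for the poster's MySQL setup, and the `comments` table, function names and input are constructed for illustration.

```python
import re
import sqlite3

# The pattern imagined in post #1: each (.*) is greedy, so the second group
# happily spans "(x), (y), (z)".
NAIVE = re.compile(r"^INSERT INTO \w+ \(.*\) VALUES \(.*\)$", re.IGNORECASE)

# Constructed input: a form field that closes the first tuple and opens a second.
CONSTRUCTED_BODY = "hi'), ('admin', 'forged"


def new_db():
    """Fresh in-memory database with a hypothetical comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]


def insert_by_concatenation(db, author, body):
    """Vulnerable 'before': user input is pasted into the statement text."""
    sql = f"INSERT INTO comments (author, body) VALUES ('{author}', '{body}')"
    passed_regex = bool(NAIVE.match(sql))  # validation result on the built SQL
    db.execute(sql)
    return passed_regex, row_count(db)


def insert_with_placeholders(db, author, body):
    """Hardened form: the statement text is fixed, values travel separately."""
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    return row_count(db)


if __name__ == "__main__":
    # Regex says "fine", yet two rows are written.
    print(insert_by_concatenation(new_db(), "ryan", CONSTRUCTED_BODY))
    # One row, with the quotes and parentheses stored as plain text.
    db = new_db()
    print(insert_with_placeholders(db, "ryan", CONSTRUCTED_BODY))
    print(db.execute("SELECT body FROM comments").fetchall())
```
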